haldomain: add hwbinder_use

All hals need to use hwbinder.

Test: no additional denials
Bug: 34180936
Change-Id: Ie92cdbd79fc75062c4afa4cda53cb57ccde7e370

private/haldomain.te

@@ -1,3 +1,5 @@
 ###
 ### Rules for all HAL implementations
 ###
+
+hwbinder_use(haldomain)

public/hal_allocator.te

@@ -3,6 +3,3 @@ type hal_allocator, domain;
 hal_impl_domain(hal_allocator)
 
 type hal_allocator_exec, exec_type, file_type;
-
-# hwbinder access
-hwbinder_use(hal_allocator)

public/hal_audio.te

@@ -1,4 +1,3 @@
-hwbinder_use(hal_audio)
 binder_use(hal_audio)
 binder_call(hal_audio, audioserver)
 binder_call(hal_audio, system_server)

public/hal_bluetooth.te

@@ -1,6 +1,3 @@
-# hwbinder access
-hwbinder_use(hal_bluetooth)
-
 r_dir_file(hal_bluetooth, system_file)
 
 # call into the Bluetooth process (callbacks)

public/hal_boot.te

@@ -4,8 +4,5 @@ hal_impl_domain(hal_boot)
 
 type hal_boot_exec, exec_type, file_type;
 
-# hwbinder access
-hwbinder_use(hal_boot)
-
 # call into system_server process (callbacks)
 binder_call(hal_boot, system_server)

public/hal_contexthub.te

@@ -1,5 +1,2 @@
-# hwbinder access
-hwbinder_use(hal_contexthub)
-
 # call into system_server process (callbacks)
 binder_call(hal_contexthub, system_server)

public/hal_dumpstate.te

@@ -1,6 +1,3 @@
-# hwbinder access
-hwbinder_use(hal_dumpstate)
-
 # call into dumpstate process (callbacks)
 binder_call(hal_dumpstate, dumpstate)
 

public/hal_fingerprint.te

@@ -1,5 +1,3 @@
-hwbinder_use(hal_fingerprint)
-
 # Scan through /system/lib64/hw looking for installed HALs
 allow hal_fingerprint system_file:dir r_dir_perms;
 

public/hal_gatekeeper.te

@@ -1,6 +1,3 @@
-# hwbinder access
-hwbinder_use(hal_gatekeeper)
-
 # call into gatekeeperd process (callbacks)
 binder_call(hal_gatekeeper, gatekeeperd)
 

public/hal_gnss.te

@@ -1,4 +1 @@
-# hwbinder access
-hwbinder_use(hal_gnss)
-
 binder_call(hal_gnss, system_server)

public/hal_graphics_allocator.te

@@ -1,6 +1,3 @@
-# hwbinder access
-hwbinder_use(hal_graphics_allocator)
-
 # GPU device access
 allow hal_graphics_allocator gpu_device:chr_file rw_file_perms;
 allow hal_graphics_allocator ion_device:chr_file r_file_perms;

public/hal_graphics_composer.te

@@ -1,5 +1,3 @@
-# HwBinder access
-hwbinder_use(hal_graphics_composer)
 # IComposerCallback
 binder_call(hal_graphics_composer, surfaceflinger)
 

public/hal_health.te

@@ -1,6 +1,3 @@
-# hwbinder access
-hwbinder_use(hal_health)
-
 # call into healthd for callbacks
 binder_call(hal_health, healthd)
 

public/hal_ir.te

@@ -1,5 +1,2 @@
-# hwbinder access
-hwbinder_use(hal_ir)
-
 # call into system_server process (callbacks)
 binder_call(hal_ir, system_server)

public/hal_light.te

@@ -1,5 +1,2 @@
-# hwbinder access
-hwbinder_use(hal_light)
-
 # call into system_server process (callbacks)
 binder_call(hal_light, system_server)

public/hal_memtrack.te

@@ -1,2 +0,0 @@
-# hwbinder access
-hwbinder_use(hal_memtrack);

public/hal_nfc.te

@@ -1,6 +1,3 @@
-# hwbinder access
-hwbinder_use(hal_nfc)
-
 # call into NFC process (callbacks)
 binder_call(hal_nfc, nfc)
 

public/hal_power.te

@@ -1,2 +0,0 @@
-# hwbinder access
-hwbinder_use(hal_power);

public/hal_sensors.te

@@ -1,2 +0,0 @@
-# hwbinder access
-hwbinder_use(hal_sensors)

public/hal_telephony.te

@@ -1,5 +1,3 @@
 # Perform HwBinder IPC.
-hwbinder_use(hal_telephony)
 binder_call(hal_telephony, radio)
 binder_call(hal_telephony, bluetooth)
-

public/hal_thermal.te

@@ -1,5 +1,2 @@
-# hwbinder access
-hwbinder_use(hal_thermal)
-
 # call into system_server process (callbacks)
 binder_call(hal_thermal, system_server)

public/hal_vibrator.te

@@ -1,5 +1,2 @@
-# hwbinder access
-hwbinder_use(hal_vibrator)
-
 # vibrator sysfs rw access
 allow hal_vibrator sysfs_vibrator:file rw_file_perms;

public/hal_vr.te

@@ -1,5 +1,2 @@
-# hwbinder access
-hwbinder_use(hal_vr)
-
 # call into system_server process
 binder_call(hal_vr, system_server)

public/hal_wifi.te

@@ -1,6 +1,3 @@
-## hwbinder access
-hwbinder_use(hal_wifi)
-
 ## call into system_server process (for invoking callbacks)
 binder_call(hal_wifi, system_server)